What I really need is this: A way to make the radius server think the User-Password string (sent from any AP) is our 'shared secret'. I can make it work if there is a way to do this. Here the Cisco AP will send the MAC as the 'User-Password' but radius will change it (before processing) to be our 'shared secret'. Any Suggestion? Please...
Thanks, Mike -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, August 13, 2003 2:55 PM To: [EMAIL PROTECTED] Subject: Re: Cisco vs. Orinoco - MAC Authentication "Mike Hall" <[EMAIL PROTECTED]> wrote: > The two access point authenticate differently. The Orinoco sends the > Value as the SharedSecret & the Cisco sends the Value as the > MacAddress. You've said that before. > What can I do to make this work? I could create two entries like > this: ... > But this just confuses the Radius server and auth fails. So edit the SQL table definition & queries, so it selects by User-Password, too. > Please offer some suggestions on what we can do. Thanks again. I thought I had 3 suggestions in my last email. Did you try any of them? Here's another suggestion: create a new SQL table to hold the shared secrets for each AP, and do: DEFAULT User-Password == `%{sql:SELECT stuff by %{Client-IP-Address}:-%{User-Name}}` List the AP's that use the shared secret in the SQL database, and don't list the others. If the SQL query returns nothing, then the password will be set to the User-Name, which will work for the other AP's. That's 4 solutions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
